For a well-known client operating in the energy sector in the United Arab Emirates, we are currently looking for a Cybersecurity Analyst – Governance. This is a long-term job opportunity.
The Cybersecurity Senior Specialist is responsible for contributing towards the Cyber protection of the organisation through the development and execution of a Cybersecurity framework and policy covering all Enterprise Technology. The role includes developing a Cybersecurity governance model, developing a Cyber risk and compliance framework, conducting periodic and need-based Cyber risk assessments, and performing compliance exercises to ensure the effectiveness of required security controls. In addition, this role is responsible for supporting the development of Cybersecurity related business continuity policies and developing the incident and threat identification and response capability as instructed by the Cybersecurity Head.
The Cybersecurity Senior Specialist is also responsible for supporting junior staff and providing continuous feedback and support to foster section improvements.
Job Specific Responsibilities:
- Responsible for developing and managing governance, risk management and compliance functions.
- Develop, maintain and execute enterprise-wide Cybersecurity policies, standards, guidelines, processes and frameworks in alignment with relevant regulatory requirements and industry standards.
- Develop cybersecurity strategy and manage cybersecurity gap analysis and maturity assessments.
- Develop and manage organization-wide cybersecurity Training and Awareness Programs to cater to audiences from multiple domains and with varying skillsets.
- Support development of Business Continuity policies and plans to ensure Cybersecurity requirements and action plans are fully covered.
- Develop Cybersecurity Risk Management framework in coordination with Enterprise Risk Management to ensure Cyber risks are appropriately addressed from mitigation and risk acceptance perspective.
- Manage all security risk assessment related activities for existing infrastructure and new projects/initiatives including but not limited to evaluating new threats and vulnerabilities, conducting risk assessments, preparing risk assessment reports and mitigation actions/plans, managing and maintaining Risk Register.
- Coordinate with the Enterprise Technology Project team to integrate Cybersecurity requirements in enterprise technology projects; this includes ensuring security aspects are considered and conducting acceptance tests in coordination with the various Enterprise Technology teams to ensure Cybersecurity requirements are met
- Understand government regulatory requirements and work to ensure organization compliance
- Conduct and manage periodic Cybersecurity reviews and audits and ensure compliance of functions to the Cybersecurity standards, regulatory requirements, policies, etc.
- Work with key stakeholders to ensure that compliance programs, audits and assessments are conducted in accordance with the organization’s policy requirements.
- Manage periodic external and internal penetration tests and ensure corrective actions and mitigations are implemented when necessary.
- Review classification schemes, define standards for labelling information assets, identify appropriate controls for each classification and define rules for sharing sensitive information, for proper data and information protection.
- Architect and develop the SOC capability in terms of technology, process and people
- Work closely with colleagues in the Enterprise Technology and Cyber function and the various departments to ensure appropriate support and collaboration exist to achieve the organisational objectives
- Implement all relevant section policies, processes, and procedures so that work is carried out in a controlled and consistent manner
- Execute the continuous improvement of systems, processes and practices taking into account ‘international leading practice’ and changes in business environment and leveraging insights. This includes supporting the related change management efforts
- Contribute to the preparation of timely and accurate reports to meet the section requirements, policies and standards
Knowledge, Experience and Skills
- Bachelor’s degree in Cybersecurity, Computer Engineering, Computer Science, Enterprise/Information Technology, Information Systems or related field
- Must have at least one Cybersecurity related certification: CISA, CISSP, CRISC, and CISM
- Minimum of 10 years of practical experience in implementing Cyber and Information Security standards and developing Cyber and Information Security processes
- Experience in implementing one of the following: NIST framework and ISO27001 Cybersecurity framework
- Experience in multinational company
- Experience in conducting gap and maturity assessments and developing Cyber Security strategies
- Experience in developing Cybersecurity policies, standards, guidelines and operating models
- Experience in developing Cybersecurity capability KPIs and reporting
- Experience in Cybersecurity Operations (SOC) environment
- Experience of performing Cyber assessments on systems (including Cloud assessments)
- Experience of Threat Modelling and Impact/Likelihood assessments
- Experience of assessment of Threat, Vulnerability management related risks
- Experience in compliance assessments
- Experience of standard change control processes, risk assessment and transition in a DevOps environment
- One of the following certifications (trained and certified): in Information Assurance / CSSP or equivalent from an accredited and recognised organisation (CREST, IRAP, ACSC, NCSC, CRISC, GIAC, OSCP, and OSCE), data privacy and cloud security related certifications
- Technical professional security certifications in Incident Response, Digital Forensics, and Malware Analysis, such as GCIH, GCFA, GNFA, or GCTI
- Experience in implementing standards and monitoring adherence to local regulations (NCEMA, Abu Dhabi Digital Authority (ADDA), Cybersecurity Council)
- Experience in implementing the UAE Information Assurance Standards (from NESA/ TRA)
- Experience in a diverse/multicultural business industry (obtained from medium to large organisation)
- Experience in the Energy and Utility sector
- Experience in applying data privacy controls and requirements (GDRFA)